NIST SP800-162：面向属性的访问控制（ABAC）指南：定义与考虑

需积分: 37 88 浏览量更新于2024-07-16 收藏 1.63MB PDF 举报

"NIST SP800-162.pdf"是一份由美国国家标准与技术研究院（NIST）发布的特别出版物，其标题为《基于属性的访问控制（ABAC）定义与考虑指南》。该文档聚焦于信息技术领域，特别是在保护信息安全和供应链管理方面的重要性。章节一介绍了信息通信技术（ICT）的复杂全球供应链生态，这个生态系统由众多公共和私营部门实体组成，包括系统集成商、供应商和服务提供商，它们共同设计、制造、分销和部署ICT产品和服务。随着联邦政府对商业信息技术解决方案的依赖增强，如现成的软件（COTS）和定制系统集成，这些供应链变得越来越庞大和复杂，但也带来了更高的风险。威胁可能包括假冒产品、未经授权的生产、恶意软件和硬件插入、以及供应链中产品质量和安全的隐患。由于全球化和恶意行为者的高精尖攻击手段，这些风险可能难以察觉，对最终用户构成潜在威胁。 NIST SP800-162的发布旨在帮助政府机构和组织更好地理解和实施基于属性的访问控制（ABAC），这是一种根据主体或客体的属性来决定访问权限的控制策略。通过这一指南，NIST旨在支持联邦信息安全管理体系（FISMA）的法规要求，提升系统的安全性、弹性和质量。该指南还强调了国际合作和国内国际供应链中潜在的安全挑战，提醒用户在选择和使用任何来源的ICT产品和服务时，需充分考虑其可能存在的漏洞和安全风险。这份报告不仅提供了关于ABAC概念和技术的详细解释，还着重于如何通过改进供应链管理、提高透明度和实施有效的风险管理策略，来保护组织免受ICT供应链威胁的影响。对于任何涉及敏感信息处理的组织来说，理解并遵循NIST SP800-162的建议是至关重要的，以确保其信息资产的安全和业务连续性。

vii

Executive Summary

The concept of Attribute Based Access Control (ABAC) has existed for many years. It represents a point

in the space of logical access control that includes access control lists, role-based access control, and the

ABAC method for providing access based on the evaluation of attributes. Traditionally, access control has

been based on the identity of a user requesting execution of a capability to perform an operation (e.g.,

read) on an object (e.g., a file), either directly, or through predefined attribute types such as roles or

groups assigned to that user. Practitioners have noted that this approach to access control is often

cumbersome to manage given the need to associate capabilities directly to users or their roles or groups. It

has also been noted that the requester qualifiers of identity, groups, and roles are often insufficient in the

expression of real-world access control policies. An alternative is to grant or deny user requests based on

arbitrary attributes of the user and arbitrary attributes of the object, and environment conditions that may

be globally recognized and more relevant to the policies at hand. This approach is often referred to as

ABAC.

In November 2009, the Federal Chief Information Officers Council (Federal CIO Council) published the

Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Plan v1.0

[FEDCIO1],

which provided guidance to federal organizations to evolve their logical access control

architectures to include the evaluation of attributes as a way to enable access within and between

organizations across the Federal enterprise.

In December 2011, the FICAM Roadmap and Implementation

Plan v2.0 [FEDCIO2] took the next step of calling out ABAC as a recommended access control model for

promoting information sharing between diverse and disparate organizations. In December 2012, the

National Strategy for Information Sharing and Safeguarding included a Priority Objective that the Federal

Government should extend and implement the FICAM Roadmap across Federal networks in all security

domains. The U.S. General Services Administration (GSA) and the Federal CIO Council are designated

leads for this Objective, and are preparing an implementation plan.

espite the clear guidance to implement the FICAM Roadmap and contextual (risk adaptive) role or

attribute based access control, to date there has not been a comprehensive effort to formally define or

guide the implementation of ABAC within the Federal Government. This document serves a two-fold

purpose. First, it aims to provide Federal agencies with a definition of ABAC and a description of the

functional components of ABAC. Second, it provides planning, design, implementation, and operational

considerations for employing ABAC within an enterprise with the goal of improving information sharing

while maintaining control of that information. This document should not be interpreted as an analysis of

alternatives between ABAC and other access-control capabilities, as it focuses on the challenges of

implementing ABAC rather than on balancing the cost and effectiveness of other capabilities versus

ABAC.

ABAC is a logical access control model

that is distinguishable because it controls access to objects by

evaluating rules against the attributes of entities (subject and object), operations, and the environment

relevant to a request. ABAC systems are capable of enforcing both Discretionary Access Control (DAC)

and Mandatory Access Control (MAC) concepts. ABAC enables precise access control, which allows for

a higher number of discrete inputs into an access control decision, providing a bigger set of possible

combinations of those variables to reflect a larger and more definitive set of possible rules to express

policies.

The access co

ntrol policies that can be implemented in ABAC are limited only by the computational

language and the richness of the available attributes. This flexibility enables the greatest breadth of

subjects to access the greatest breadth of objects without specifying individual relationships between each

subject and each object. For example, a subject is assigned a set of subject attributes upon employment

viii

(e.g., Nancy Smith is a Nurse Practitioner in the Cardiology Department). An object is assigned its object

attributes upon creation (e.g., a folder with Medical Records of Heart Patients). Objects may receive their

attributes either directly from the creator or as a result of automated scanning tools. The administrator or

owner of an object creates an access control rule using attributes of subjects and objects to govern the set

of allowable capabilities (e.g., all Nurse Practitioners in the Cardiology Department can View the Medical

Records of Heart Patients). Under ABAC, access decisions can change between requests by simply

changing attribute values, without the need to change the subject/object re

lationships defining underlying

rule sets. This provides a more dynamic access control management capability and limits long-term

maintenance requirements of object protections.

Further, ABAC enables object owners or administrators to apply access control policy without prior

knowledge of the specific subject and for an unlimited number of subjects that might require access. As

new subjects join the organization, rules and objects do not need to be modified. As long as the subject is

assigned the attributes necessary for access to the required objects (e.g., all Nurse Practitioners in the

Cardiology Department are assigned those attributes), no modifications to existing rules or object

attributes are required. This benefit is often referred to as accommodating t

he external (unanticipated) user

and is one of the primary benefits of employing ABAC.

When deployed across an enterprise for the purposes of increasing information sharing among diverse

organizations, ABAC implementations can become complex—supported by the existence of an attribute

management infrastructure, machine-enforceable policies, and an array of functions that support access

decisions and policy enforcement.

In addition to the basic policy, attribute, and access control mechanism requirements, the enterprise must

support management functions for enterprise policy development and distribution, enterprise identity and

subject attributes, subject attribute sharing, enterprise object attributes, authentication, and access control

mechanism deployment and distribution. The development and deployment of these capabilities requires

the careful consideration of a number of factors that will influence the design, security, and

interoperability of an enterprise ABAC solution. These factors can be summarized around a set of

activities:

• Establish the Business Case for ABAC Implementation

• Understand the Operational Requirements and Overall Enterprise Architecture

• Establish or Refine Business Processes to Support ABAC

• Develop and Acquire an Interoperable Set of Capabilities

• Operate with Efficiency

The remainder of this document provides a more detailed explanation of ABAC concepts and

considerations for employment of enterprise ABAC capabilities. This document serves as a first step to

help planners, architects, managers, and implementers fulfill the information sharing and protection

requirements of the U.S. Federal Government, through the employment of ABAC.

1. Introduction

1.1 Purpose and Scope

The purpose of this document is to provide Federal agencies with a definition of Attribute Based Access

Control (ABAC) and provide considerations for using ABAC to improve information sharing while

maintaining control of that information. This document describes the functional components of ABAC, as

well as a set of issues for employing ABAC within a large enterprise without directly addressing

authentication mechanisms or all aspects of Identity Management

, thus assuming subjects are bound to

trusted identities or identity providers. The focus is on core ABAC concepts without addressing in detail

topics such as Attribute Engineering/Management, Integration with Identity Management, Federation,

Situational Awareness (Real Time or Contextual) Mechanism, Policy Management, and Natural Language

Policy translation to Digital Policy. The discussed considerations should not be deemed comprehensive.

Before selecting and deploying an ABAC product or technology, the hosting organization should augment

these considerations with testing and independent product reviews.

This docume

nt brings together many previously separate bodies of ABAC knowledge in order to bridge

gaps between available technology and best practice ABAC implementations, and strives to provide

guidelines that can be consistently applied throughout organizations. It can be used as an informational

guide for organizations that are considering deploying, planning to deploy, or are currently deploying

ABAC systems.

This guidance extends the information in NISTIR 7316, Assessment of Access Control Systems

[NIST7316]; NISTIR 7665, Proceedings of the Privilege Management Workshop

[NIST7665

]; NISTIR

7657, A Report on the Privilege (Access) Management Workshop [NIST7657]; and NISTIR 7874,

Guidelines for Access Control System Evaluation Metrics [NIST7874], which demonstrates the

fundamental concepts of policy, models, and properties of Access Control (AC) systems.

1.2 Audience

This document is intended to benefit and address the needs of two specific audiences:

• Persons who have a basic understanding of access control concepts and desire a general

understanding of ABAC concepts

• Access control subject matter experts or managers experienced in access control concepts who are

seeking detailed deployment or operational information on ABAC

1.3 D

ocument Structure

The rest of this document is divided into the following sections and appendixes:

• Section 2 provides a basic understanding of ABAC. It gives readers an overview of the current

state of logical access control, a working definition of ABAC, and an explanation of core and

enterprise level ABAC concepts.

Rea

ders can gain a general understanding of ABAC concepts

from just completing Section 2.

• Section 3 discusses ABAC enterprise employment considerations during the initiation,

acquisition/development, implementation/assessment, and operations/maintenance phases.

See NIST SP 800-63-1 at http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf and NIST SP 800-63-2 at

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf.

剩余45页未读，继续阅读

艾米的爸爸

粉丝: 793
资源: 314

NIST SP800-162：面向属性的访问控制（ABAC）指南：定义与考虑

美NIST标准-ABAC-中英文版本

nist 800-181标准中文版

NIST SP800-160-vol2-draft.pdf

NIST SP800-107.pdf

NIST SP800-147.pdf

NIST SP800-14.pdf

NIST SP800-55.pdf

NIST SP800-171.pdf

NIST SP800-176.pdf

NIST SP800-50.pdf

最新资源